If you have set up SSO for your identity provider (IdP) with the Adobe Admin Console and your end users can't log in to their Adobe apps and services, the SAML-certificate may have expired.


You are facing any of the following issues:
  • Users are logged out and can't sign in to the Adobe Creative Cloud web, mobile, or desktop apps
  • Users see errors when try to sign in
  • Admin can't add/remove/manage users or product profiles

Error message

On sign-in attempt, end users see error messages similar to the following:
  • SAML certification validation failed
  • The digital signature in the SAML response did not validate with the identity provider's certificate


Sign in to the Adobe Admin Console and raise a support case with an updated SSO-certificate. Adobe will update the certificate on the Admin Console and notify you.

Additional information: Certificate requirements

You can use an updated SSO-certificate from your IdP or any other Certificate Authority (CA). Ensure to match the following configuration:

  • Certificate is in PEM format
  • Certificate extension is: .cer, .pem, or .cert
  • Certificate is in a multi-line format

To know more about certificate requirements, see Federated ID troubleshooting.